As smartphone and tablet sales continue to increase, more employees are bringing their personal mobile devices into the corporate environment. Allowing these devices to connect to your network enterprise without any guidelines can pose a serious risk.
Securing mobile devices is one of the biggest challenges facing IT security professionals as cyber criminals turn their attention to this platform. Research firm IDC says global spending on mobile security is on track to balloon to $1.9 billion by 2015, up from $407 million in 2010.
“Businesses need to urgently secure mobile devices as employees increasingly mix work and play, but perhaps the biggest problem is awareness among users,” IDC said.
To reduce the risk and enhance mobile security, follow these tips:
Establish and maintain a mobile device security policy that describes the expected behavior and guidelines that users should follow. This policy should define both corporate-owned and personal devices that may be allowed to access the enterprise network.
Avoid Public Wi-Fi.
Avoid connecting to unsecured Wi-Fi networks. Secure Web and email with SSL/TLS, Wi-Fi with WPA2, and corporate data with mobile VPN clients.
Use network access controls (NAC) to register, authenticate and review employee owned devices that have permission to access the corporate network.
Tablets and smartphones are not shipped with on-board anti-virus, anti-spam, intrusion detection, or firewall apps. Although such apps are available, adoption has been slow. Research shows that 89% of people have installed security software on their laptop or PC, while only 9% have it installed on their mobile phones.
Encrypt your data
Use an email encryption solution to prevent access to corporate email data.
Lock the device
A remote lock and wipe service comes in really useful if your phone is ever stolen, as it helps you to retrieve or securely remove your data. This will also prevent data loss.
Accept the patches.
Similar to PCs, mobile phones need to be patched often to eliminate vulnerabilities found since the phone’s release. Most devices can accept updates wirelessly others cannot.
Are you allowed to connect mobile devices to your corporate network? If so, what security measures does your company take?